Amendments to the Claims: 

This listing of the claims will replace all prior versions, and listings, of claims in 
the application: 



Listing of Claims: 

1. (Currently amended) A method for distributed network address translation 
with security, comprising the following steps: 

at a first network device on a first computer network, requesting with a first 
protocol, one or more locally unique security values from a second network device on the 
first computer network, wherein the second network device has a publicly routable
address, and wherein the second network device's publicly routable address in 
combination with the one or more locally unique security values are used to uniquely 
identify the first network device during secure communications with a third network 
device on a second external network and for distributed network address translation with
security;

receiving the one or more locally unique security values on the first network 
device from the second network device with the first protocol; and 

storing the one or more locally unique security values on the first network device, 
wherein the one or more locally unique security values are used to create a secure virtual 
connection for secure communications between the first network device and the third 
network device, wherein the secure communications include the one or more locally
unique secure values, and wherein the second network device routes secure
communication data from the third network device to the first network device in response
to the one or more locally unique security values, and for distributed network address
translation.



2. (Currently amended) A computer readable medium having stored therein 
instructions for causing a central processing unit to execute the steps of: 

at a first network device on a first computer network, requesting with a first 
protocol, one or more locally unique security values from a second network device on the 
first computer network, wherein the second network device has a publicly routable
address, and wherein the second network device's publicly routable address in 
combination with the one or more locally unique security values are used to uniquely 
identify the first network device during secure communications with a third network 
device on a second external network and for distributed network address translation with
security;

receiving the one or more locally unique security values on the first network 
device from the second network device with the first protocol; and 

storing the one or more locally unique security values on the first network device, 
wherein the one or more locally unique security values are used to create a secure virtual 
connection for secure communications between the first network device and the third 
network device, wherein the secure communications include the one or more locally
unique secure values, and wherein the second network device routes secure
communication data from the third network device to the first network device in response
to the one or more locally unique security values, and for distributed network address
translation.

3. (Cancelled)



4. (original) The method of Claim 1 wherein the one or more locally unique 
security values are one or more security parameter indexes for an Internet Protocol 
security protocol. 

5. (original) The method of Claim 4 wherein the Internet Protocol security 
protocol is any of an Authentication Header protocol, Encapsulated Security Payload 
protocol or an Internet Key Exchange protocol. 

6. (original) The method of Claim 1 wherein the first protocol is a Port Allocation 
Protocol. 

7. (currently amended) The method of Claim 1 wherein the requesting step 
further includes requesting one or more locally unique ports used to uniquely identify the 
first network device on the first networ k for distribut e d n e twork addr e ss translation.^ 
wherein prior to establishing a secure connection, the second network device's publicly 
routable address in combination with the one or more locally unique ports are used to 
uniquely identify the first network device. 

8. (previously presented) The method of Claim 7 wherein the locally unique ports
are Port Allocation Protocol ports. 



9. (currently amended) A method for distributed network address translation with 
security, comprising the following steps: 

receiving a request message with a first protocol on a second network device for 
one or more locally unique security values from a first network device; 

allocating one or more locally unique security values on the second network
device;

storing a locally unique network address for the first network device with the one 
or more locally unique security values in a table associated with the second network 
device, wherein the table is used to maintain a mapping between a network device and 
one or more locally unique security values for distributed network address translation; 
and 

sending the one or more locally unique security values in a response message with 
the first protocol to the first network device, wherein the second network device has a
publicly routable address, and wherein the second network device's publicly routable 
address in combination with the one or more locally unique security values are used to 
uniquely identify the first network device during secure communications with a third 
network device on a second external network, and wherein the secure communications 
include the one or more locally unique secure values, and wherein the second network 
device routes secure communication data from the third network device to the first 
network device in response to the one or more locally unique security values. 

10. (original) A computer readable medium having stored therein instructions for
causing a central processing unit to execute the method of Claim 9. 



11. (cancelled)

12. (original) The method of Claim 9 wherein the one or more locally unique 
security values include one or more security parameter indexes for an Internet Protocol 
Security Protocol.

13. (original) The method of Claim 10 wherein the Internet Protocol security 
protocol is any of an Authentication Header protocol, Encapsulated Security Payload 
protocol or an Internet Key Exchange protocol. 

14. (currently amended) A method for distributed network address translation 
using security, comprising the following steps: 

receiving a first message in a second secure protocol on a first network device on 
a first network to establish a secure virtual connection to the first network device from a 
third network device on a second external network; 

selecting a locally unique security value to use for the secure virtual connection 
from a list of locally unique security values, wherein the list of locally unique security 
values was received from a second network device on the first network with a first 
protocol; and 

sending a second message with second secure protocol to establish a secure
virtual connection to the first network device on the first network from the third network
device on the second external network wherein the second message includes the selected
locally unique security value and security certificate sent to the first network device by
the second network device, wherein the second network device has a publicly routable
address, and wherein the second network device's publicly routable address in 
combination with the locally unique security value are used to uniquely identify the first 
network device during secure communications with the third network device on the 
second external network, and wherein the secure communications include the one or 
more locally unique secure values, and wherein the second network device routes secure 
communication data from the third network device to the first network device in response 
to the one or more locally unique security values. 



15. (original) A computer readable medium having stored therein instructions for 
causing a central processing unit to execute the method of Claim 14. 



16. (original) The method of Claim 14 wherein the list of one or more locally 
unique security values is a list of one or more security parameter indexes for Internet 
Protocol security protocol. 



17. (original) The method of Claim 14 wherein the Internet Protocol security 
protocol is any of an Authentication Header protocol, Encapsulated Security Payload 
protocol, or an Internet Key Exchange Protocol. 

18. (original) The method of Claim 14 wherein the first protocol is a Port
Allocation Protocol and the second secure protocol is an Internet Protocol security 
protocol. 



19. (original) The method of Claim 14 wherein the secure virtual connection is an 
Internet Protocol security protocol security association. 



20. (currently amended) A method for distributed network address translation 
with security, comprising the following steps: 

sending a request message in a second secure protocol from a first network device 
on a first network to a second network device on the first network, wherein the request 
message in the second secure protocol includes security information; 

routing the request message from the second network device to a third network 
device on a second external network over a secure virtual connection between the first 
network device and the third network device; 

receiving a reply message in the second secure protocol from the third network 
device on the second network device on the first network for the first network device, 
wherein the reply message in the second secure protocol includes security information 
from the request message allocated by the second network device, wherein the second
network device has a publicly routable address, and wherein the second network device's
publicly routable address in combination with the security information are used to
uniquely identify the first network device during secure communications with the third
network device on the second external network; and

routing the reply message from the second network device to the first network 
device on the first network using one or more locally unique ports associated with the 
security information and used for distributed network address translation. 



21. (original) A computer readable medium having stored therein instructions for
causing a central processing unit to execute the method of Claim 20. 



22. (original) The method of Claim 20 wherein the step of sending a request 
message in a second secure protocol includes: 

constructing a virtual tunnel header for a local network address determined for the 
second network device; 

prepending the virtual tunnel header to the request message, wherein the virtual 
tunnel header is used to create a virtual tunnel between the first network device and the 
second network device; 

sending the request message to the second network device from the first network 
device over the virtual tunnel. 



23. (original) The method of Claim 20 wherein the step of routing the reply from 
the second network device to the first network device on the first network using the 
locally unique port from the reply in the second secure protocol includes: 

determining a local network address for the first network device using the locally
unique port associated with the second network device; 

constructing a virtual tunnel header for the determined local network address for 
the first network device; 

prepending the virtual tunnel header to the reply message, wherein the virtual 
tunnel header is used to create a virtual tunnel between the second network device and 
the first network device; 

forwarding the reply message to the first network device from the second network 
device over the virtual tunnel. 



24. (previously presented) The method of Claim 23 wherein the local network 
address is an Internet Protocol address and the virtual tunnel header is an Internet 
Protocol tunnel header. 



25. (previously presented) The method of Claim 20 wherein the second secure 
protocol is an Internet Protocol security protocol. 



26. (previously presented) The method of Claim 25 wherein the Internet Protocol 
security protocol is any of an Authentication Header protocol, Encapsulated Security 
Payload protocol, or an Internet Key Exchange protocol.

27. (original) The method of Claim 20 wherein the security information includes 
any of a locally unique security value or a security certificate. 

28. (currently amended) A method for distributed network address translation
with security, comprising the following steps: 

requesting one or more locally unique ports with a first message from a first 
protocol on a first network device from a second network device, wherein the one or 
more locally unique ports are used for distributed network address translation; 

requesting one or more locally unique security values with a first message from 
the first protocol from the second network device, wherein the one or more locally unique 
security values are used with a second secure protocol to establish a secure virtual 
connection between the first network device and a third network device on a second 
external computer network, wherein the second network device has a publicly routable
address, and wherein the second network device's publicly routable address in 
combination with the one or more locally unique security values are used to uniquely 
identify the first network device during secure communications with the third network, 
and wherein the secure communications include the one or more locally unique secure 
values, and wherein the second network device routes secure communication data from 
the third network device to the first network device in response to the one or more locally 
unique security values; and are used for distributed network address translation with
security;

requesting a security certificate on the first network device from the second 
network device, wherein the security certificate includes a binding between a public 
encryption key and a combination of a network address for the first network device and 
the one or more locally unique ports and the second network device provides local
security certificate services.



29. (original) A computer readable medium having stored therein instructions for 
causing a central processing unit to execute the method of Claim 28. 

30. (original) The method of Claim 28 wherein the one or more locally unique 
security values are security parameter indexes from an Internet Protocol security 
protocol. 

31. (original) The method of Claim 28 wherein the second network device is a
distributed network address translation router. 

32. (original) The method of Claim 28 further comprising: 

establishing a secure virtual connection between the first network device and the 
third network device on the second external network using the security certificate. 

33. (original) The method of Claim 32, wherein the secure virtual connection is 
an Internet Protocol security protocol security association. 

34. (currently amended) A method for distributed network address translation 
with security features comprising the following steps: 

sending one or more locally unique ports allocated on a second network device on
a first computer network to a first network device on the first computer network with a
second message from in a first protocol wherein the one or more locally unique ports are
used for distributed network address translator translation;

sending one or more locally unique security values allocated on the second 
network device to the first network device with a second message from the first protocol 
wherein the one or more locally unique security values are used with a second secure 
protocol to establish a secure virtual connection between the first network device and a 
third network device on a second external computer network and are used for distributed 
network address translation with security, wherein the second network device has a
publicly routable address, and wherein the second network device's publicly routable 
address in combination with the one or more locally unique security values are used to 
uniquely identify the first network device during secure communications with the third 
network device on the second external network, and wherein the secure communications 
include the one or more locally unique secure values, and wherein the second network 
device routes secure communication data from the third network device to the first 
network device in response to the one or more locally unique security values;

sending a security certificate created on the second network device to the first 
network device, wherein the second network device provides local security certificate 
services on the first computer network and wherein the security certificate includes a 
binding for a public encryption key for the first network device and a combination of a 
network address for the first network device and the one or more locally unique ports 
allocated to the first network device to authenticate an identity for the first network 
device for a secure virtual connection between the first network device and a third
network device on a second external computer network. 

35. (original) A computer readable medium having stored therein instructions for 
causing a central processing unit to execute the method of Claim 34. 

36. - 39. (cancelled). 